
multiple spy sheriff problems [RESOLVED]


  • This topic is locked

#31
niccolai

niccolai

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
I can't run HouseCall.

The same thing happens as with the ctrl alt delete thing, the Java install window sticks there and can't be moved and nothing's clickable on it and it can't be closed.

I'll keep trying though.

Do you think if I called HP or microsoft they'd send me a new disc?


Here's the new HijackThis log:



Logfile of HijackThis v1.99.1
Scan saved at 2:44:01 PM, on 8/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - Startup: Verizon Online.lnk = C:\Program Files\Verizon Online\VOLSW\Verizon Online.exe
O4 - Global Startup: Verizon Online.lnk = C:\Program Files\Verizon Online\VOLSW\Verizon Online.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Define - C:\WINDOWS\Web\ERS_DEF.HTM
O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\ERS_SRC.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\WINDOWS\Web\ERS_ENC.HTM
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...77/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,18/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16A4DD0B-C3B5-4C44-9F68-3CA48848ABBC}: NameServer = 141.154.0.68 151.203.0.84
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Edited by niccolai, 11 August 2005 - 12:43 PM.

  • 0



#32
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Might be a problem with the Java version. Do you have Java 1.5....the latest versions? If so, I want you to uninstall it and downgrade to version 1.4.2. You can get it here.

If you can confirm that you own it, I think Microsoft will send you the CD. They might ask you to get the product key. This program should tell you what your product key is. DON'T post it here. Give it to Microsoft if they ask for it.
  • 0

#33
niccolai

niccolai

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
I got Java to download, just took a few tries.

To get the CD should I call Microsoft and ask or should I call HP?
  • 0

#34
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Did housecall work after you got that Java installed?

Call up Microsoft directly. I don't think HP will help you out on this one. You can give it a try, but I think they will just redirect you to Microsoft also.
  • 0

#35
niccolai

niccolai

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
The mwav log is huge and I'm having difficulty posting it from my clipboard with IE not responding.

The program seemed to stop... it didn't finish and time was still counting, but it stopped scanning through files. I can run it again if you want and leave it on overnight or something, but I let this thing sit there for over 2 hours...


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:44:27 PM, 8/11/2005
+ Report-Checksum: 202D5338

+ Scan result:

C:\WINDOWS\SYSTEM32\eraseme_52831.exe -> Backdoor.SdBot.aad : Cleaned with backup


::Report End




______________________________________________________________



active scan:



Incident Status Location

Virus:W32/Sdbot.ftp Disinfected C:\WINDOWS\SYSTEM32\i
Adware:adware/azesearch No disinfected C:\WINDOWS\zsettings.dll






_________________________________________________





Thu Aug 11 21:10:01 2005 => **********************************************************
Thu Aug 11 21:10:01 2005 => MicroWorld AntiVirus & Spyware Toolkit Utility.
Thu Aug 11 21:10:01 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Thu Aug 11 21:10:01 2005 => **********************************************************
Thu Aug 11 21:10:01 2005 => Version 6.6.7 (C:\DOCUME~1\Owner\LOCALS~1\Temp\mwavscan.com)
Thu Aug 11 21:10:01 2005 => Log File: C:\DOCUME~1\Owner\LOCALS~1\Temp\MWAV.LOG
Thu Aug 11 21:10:01 2005 => MWAV Registered: FALSE.
Thu Aug 11 21:10:01 2005 => MWAV Mode: Only Scan files.
Thu Aug 11 21:10:01 2005 => Latest Date of files inside MWAV: 09 Aug 2005 16:55:49.
Thu Aug 11 21:10:01 2005 => Regvalue DisableTaskMgr Reset. This could be part of a worm!!!
Thu Aug 11 21:10:01 2005 => Regvalue DisableTaskMgr Reset. This could be part of a worm!!!
Thu Aug 11 21:10:05 2005 => AV Library Loaded...
Thu Aug 11 21:10:05 2005 => MWAV doing self scanning...
Thu Aug 11 21:10:05 2005 => Scanning File C:\DOCUME~1\Owner\LOCALS~1\Temp\kavss.exe
Thu Aug 11 21:10:05 2005 => Scanning File C:\DOCUME~1\Owner\LOCALS~1\Temp\Getvlist.exe
Thu Aug 11 21:10:05 2005 => Scanning File C:\DOCUME~1\Owner\LOCALS~1\Temp\kavss.dll
Thu Aug 11 21:10:05 2005 => Scanning File C:\DOCUME~1\Owner\LOCALS~1\Temp\kavssdi.dll
Thu Aug 11 21:10:06 2005 => Scanning File C:\DOCUME~1\Owner\LOCALS~1\Temp\kavssi.dll
Thu Aug 11 21:10:06 2005 => Scanning File C:\DOCUME~1\Owner\LOCALS~1\Temp\kavvlg.dll
Thu Aug 11 21:10:06 2005 => Scanning File C:\DOCUME~1\Owner\LOCALS~1\Temp\msvlclnt.dll
Thu Aug 11 21:10:06 2005 => Scanning File C:\DOCUME~1\Owner\LOCALS~1\Temp\ipc.dll
Thu Aug 11 21:10:06 2005 => Scanning File C:\DOCUME~1\Owner\LOCALS~1\Temp\main.avi
Thu Aug 11 21:10:06 2005 => Scanning File C:\DOCUME~1\Owner\LOCALS~1\Temp\virus.avi
Thu Aug 11 21:10:06 2005 => MWAV files are clean.
Thu Aug 11 21:10:09 2005 => Virus Database Date: 2005/08/09
Thu Aug 11 21:10:09 2005 => Virus Database Count: 142843

Thu Aug 11 21:11:10 2005 => **********************************************************
Thu Aug 11 21:11:10 2005 => MicroWorld AntiVirus & Spyware Toolkit Utility.
Thu Aug 11 21:11:10 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Thu Aug 11 21:11:10 2005 =>
Thu Aug 11 21:11:10 2005 => Support: support@mwti.net
Thu Aug 11 21:11:10 2005 => Web: http://www.mwti.net
Thu Aug 11 21:11:10 2005 => **********************************************************
Thu Aug 11 21:11:10 2005 => Version 6.6.7 (C:\DOCUME~1\Owner\LOCALS~1\Temp\mwavscan.com)
Thu Aug 11 21:11:10 2005 => Log File: C:\DOCUME~1\Owner\LOCALS~1\Temp\MWAV.LOG
Thu Aug 11 21:11:10 2005 => User Account: Owner
Thu Aug 11 21:11:10 2005 => Windows Root Folder: C:\WINDOWS
Thu Aug 11 21:11:10 2005 => Windows Sys32 Folder: C:\WINDOWS\System32
Thu Aug 11 21:11:10 2005 => OS: Windows NT
Thu Aug 11 21:11:10 2005 => Latest Date of files inside MWAV: 09 Aug 2005 16:55:49.

Thu Aug 11 21:11:10 2005 => Options Selected by User:
Thu Aug 11 21:11:10 2005 => Memory Check: Enabled
Thu Aug 11 21:11:10 2005 => Registry Check: Enabled
Thu Aug 11 21:11:10 2005 => StartUp Folder Check: Enabled
Thu Aug 11 21:11:10 2005 => System Folder Check: Enabled
Thu Aug 11 21:11:10 2005 => System Area Check: Disabled
Thu Aug 11 21:11:10 2005 => Services Check: Enabled
Thu Aug 11 21:11:10 2005 => Drive Check: Disabled


Thu Aug 11 21:11:10 2005 => All Drive Check :Enabled
Thu Aug 11 21:11:10 2005 => Folder Check: Enabled
Thu Aug 11 21:11:10 2005 => Folder Selected = C:\



Edit: there's NO way the forum will let me post this whole log.


It's 4 MB and would take an hour to cut and paste in sections.

Edited by niccolai, 11 August 2005 - 09:52 PM.

  • 0

#36
niccolai

niccolai

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
I tried downloading Firefox and my computer stops responding whenever I try downloading something. I can't explain how frustrating this is and it is getting worse and worse.
  • 0

#37
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
You must have copied the wrong section. That part is going to be huge and we don't need it. Look at the lower pane and copy that part. If you have that 4MB file, look for something like:

Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "HuntBar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ameopt Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Quicken Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Roings Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaAccX.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Office\Actors\logo.act". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Office\Actors\scribble.act". Action Taken: No Action Taken.
....etc.....


Post that part here.

Delete this file if found:

C:\WINDOWS\zsettings.dll
  • 0

#38
niccolai

niccolai

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
This?



Thu Aug 11 21:12:59 2005 => Scanning HKLM\SYSTEM\CurrentControlSet\Services\VxD
Thu Aug 11 21:12:59 2005 => Scanning File C:\WINDOWS\system32\JAVASUP.VXD

Thu Aug 11 21:13:00 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Thu Aug 11 21:13:00 2005 => Loading Spyware Signatures from FIXED Database...
Thu Aug 11 21:13:34 2005 => System found infected with BearShare Spyware/Adware ({905d0df2-3a0a-4d94-853c-54a12a745905})! Action taken: No Action Taken.
Thu Aug 11 21:13:35 2005 => System found infected with SideFind Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
Thu Aug 11 21:15:00 2005 => Offending value found in HKLM\Software\microsoft\downloadmanager !!!
Thu Aug 11 21:15:00 2005 => Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Aug 11 21:15:02 2005 => Offending value found in HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\TopText iLookup !!!
Thu Aug 11 21:15:02 2005 => Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Aug 11 21:15:21 2005 => Offending value found in HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\date manager !!!
Thu Aug 11 21:15:21 2005 => Object "Gator Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Aug 11 21:15:28 2005 => Offending value found in HKLM\Software\vendor !!!
Thu Aug 11 21:15:28 2005 => Object "Kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Aug 11 21:15:51 2005 => Offending value found in HKLM\Software\magnet\handlers\bearshare !!!
Thu Aug 11 21:15:51 2005 => Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Aug 11 21:17:20 2005 => System found infected with CWS.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.
Thu Aug 11 21:17:21 2005 => System found infected with iSearch Spyware/Adware (patch.exe)! Action taken: No Action Taken.

Thu Aug 11 21:17:21 2005 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Thu Aug 11 21:17:21 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\Program Files\America Online 8.0\patchw32.dll". Action Taken: No Action Taken.

Thu Aug 11 21:17:21 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll". Action Taken: No Action Taken.

Thu Aug 11 21:17:21 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\roing.ocx". Action Taken: No Action Taken.

Thu Aug 11 21:17:21 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\SBFull.ocx". Action Taken: No Action Taken.

Thu Aug 11 21:17:22 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\ObjSafe.tlb". Action Taken: No Action Taken.

Thu Aug 11 21:17:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\AOL\Flasha.ocx". Action Taken: No Action Taken.

Thu Aug 11 21:17:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\SBFull.ocx". Action Taken: No Action Taken.

Thu Aug 11 21:17:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\FileGrp\Msvcrt10.dll". Action Taken: No Action Taken.

Thu Aug 11 21:17:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ISTactivex.dll". Action Taken: No Action Taken.

Thu Aug 11 21:17:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-deu.nls". Action Taken: No Action Taken.

Thu Aug 11 21:17:24 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\GToolbar\BarControl.dll". Action Taken: No Action Taken.

Thu Aug 11 21:17:24 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll". Action Taken: No Action Taken.

Thu Aug 11 21:17:26 2005 => Entry "HKCR\CLSID\{0B6DC6EE-C4FD-11d1-819A-00C04FB69B4D}" refers to invalid object "C:\Program Files\Common Files\Adobe\Shell\PSICON.DLL". Action Taken: No Action Taken.

Thu Aug 11 21:17:27 2005 => Entry "HKCR\CLSID\{0C5B0CED-206B-4c39-B615-0EB23C824612}" refers to invalid object "C:\Program Files\Common Files\Adobe\Shell\AIIcon.dll". Action Taken: No Action Taken.

Thu Aug 11 21:17:27 2005 => Entry "HKCR\CLSID\{0E4796D6-A990-4372-9069-72FBDB4AE868}" refers to invalid object "C:\WINDOWS\System32\o2oService_2.dll". Action Taken: No Action Taken.

Thu Aug 11 21:17:28 2005 => Entry "HKCR\CLSID\{1EFD6A40-3999-11CF-9150-00AA0059F70D}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.

Thu Aug 11 21:17:30 2005 => Entry "HKCR\CLSID\{3775D2E0-7C5D-11CF-899E-00AA00688B10}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.

Thu Aug 11 21:17:31 2005 => Entry "HKCR\CLSID\{40D41A8B-D79B-43d7-99A7-9EE0F344C385}" refers to invalid object "C:\Program Files\AIM Toolbar\AIMBar.dll". Action Taken: No Action Taken.

Thu Aug 11 21:17:36 2005 => Entry "HKCR\CLSID\{75D44B92-DCAF-43f3-A7D1-91041F34E719}" refers to invalid object "C:\PROGRA~1\COMMON~1\AOL\Flasha.ocx". Action Taken: No Action Taken.

Thu Aug 11 21:17:38 2005 => Entry "HKCR\CLSID\{8EC31897-D1E6-4758-80BE-31E873AC2903}" refers to invalid object "C:\Program Files\Grisoft\AVG Free\avgamui.dll". Action Taken: No Action Taken.

Thu Aug 11 21:17:38 2005 => Entry "HKCR\CLSID\{8EC31898-D1E6-4758-80BE-31E873AC2903}" refers to invalid object "C:\Program Files\Grisoft\AVG Free\avgamui.dll". Action Taken: No Action Taken.

Thu Aug 11 21:17:42 2005 => Entry "HKCR\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}" refers to invalid object "C:\PROGRA~1\COMMON~1\AOL\Flasha.ocx". Action Taken: No Action Taken.

Thu Aug 11 21:17:42 2005 => Entry "HKCR\CLSID\{C1145551-A454-11D4-9020-00D0B7239081}" refers to invalid object "C:\PROGRA~1\COMMON~1\AOL\Flasha.ocx". Action Taken: No Action Taken.

Thu Aug 11 21:17:42 2005 => Entry "HKCR\CLSID\{C1A8AF25-1257-101B-8FB0-0020AF039CA3}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.

Thu Aug 11 21:17:44 2005 => Entry "HKCR\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}" refers to invalid object "C:\WINDOWS\System32\ztoolb006.dll". Action Taken: No Action Taken.

Thu Aug 11 21:17:44 2005 => Entry "HKCR\CLSID\{D9C027CF-DF75-4D2C-B763-AC1CA31C4AF8}" refers to invalid object "C:\Program Files\Grisoft\AVG Free\avgamiui.dll". Action Taken: No Action Taken.

Thu Aug 11 21:17:51 2005 => Entry "HKCR\AOLCoach.TrainerOCXCtrl.10" refers to invalid object "{E04EAE82-14AD-41CB-BF5A-45556ABB8347}". Action Taken: No Action Taken.

Thu Aug 11 21:17:53 2005 => Entry "HKCR\CoachDM.WebCoachDownload" refers to invalid object "{E04EAE82-14AD-41CB-BF5A-45556ABB8347}". Action Taken: No Action Taken.

Thu Aug 11 21:17:53 2005 => Entry "HKCR\CoachDM.WebCoachDownload.1" refers to invalid object "{E04EAE82-14AD-41CB-BF5A-45556ABB8347}". Action Taken: No Action Taken.

Thu Aug 11 21:17:59 2005 => Entry "HKCR\MediaGatewayX.Installer" refers to invalid object "{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}". Action Taken: No Action Taken.

Thu Aug 11 21:18:00 2005 => Entry "HKCR\MiniBugTransporter.MiniBugTransporterX" refers to invalid object "{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}". Action Taken: No Action Taken.

Thu Aug 11 21:18:00 2005 => Entry "HKCR\MiniBugTransporter.MiniBugTransporterX.1" refers to invalid object "{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}". Action Taken: No Action Taken.

Thu Aug 11 21:18:02 2005 => Entry "HKCR\ncmyb.SABHO" refers to invalid object "{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}". Action Taken: No Action Taken.

Thu Aug 11 21:18:02 2005 => Entry "HKCR\ncmyb.SABHO.1" refers to invalid object "{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}". Action Taken: No Action Taken.

Thu Aug 11 21:18:04 2005 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.

Thu Aug 11 21:18:04 2005 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.

Thu Aug 11 21:18:05 2005 => Entry "HKCR\RunMSC.Loader" refers to invalid object "{9F95F736-0F62-4214-A4B4-CAA6738D4C07}". Action Taken: No Action Taken.

Thu Aug 11 21:18:05 2005 => Entry "HKCR\RunMSC.Loader.1" refers to invalid object "{9F95F736-0F62-4214-A4B4-CAA6738D4C07}". Action Taken: No Action Taken.

Thu Aug 11 21:18:08 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

Thu Aug 11 21:18:08 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

Thu Aug 11 21:18:08 2005 => Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.

Thu Aug 11 21:18:08 2005 => Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.

Thu Aug 11 21:18:09 2005 => Entry "HKCR\ZToolbar.activator.1" refers to invalid object "{FFF5092F-7172-4018-827B-FA5868FB0478}". Action Taken: No Action Taken.

Thu Aug 11 21:18:09 2005 => Entry "HKCR\ZToolbar.StockBar.1" refers to invalid object "{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}". Action Taken: No Action Taken.












I found zsettings.dll and deleted it.
  • 0

#39
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\microsoft\downloadmanager]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\TopText iLookup]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\date manager]
[-HKEY_LOCAL_MACHINE\Software\vendor]
[-HKEY_LOCAL_MACHINE\Software\magnet\handlers\bearshare]


Save the file as "delete.reg". Make sure to save it with the quotes. Double click on it and choose Yes to merge it. You may delete the file afterwards.

OK, I really try not to do this, but this should clean up those dead registry entries. They are useless and could probably be left alone with no problem. But if you want, you may run RegSeeker to clean it up:

*Download RegSeeker http://www.hoverdesk.net/freeware.htm and install it.
*Click on 'Clean The Registry' in the left panel.
*Check all boxes (make sure the backup box in the lower left corner is selected!).
*After it runs, click 'Select All' on the bottom. Then right-click on any selected item in the window and select 'Delete Selected Items'.
*Click 'Quit RegSeeker'.

Now, open any of your installed programs, and make sure that everything opens ok. If so, reboot, then go back and run RegSeeker again. Do the same thing again if anything is found. You may have to run RegSeeker 5 - 6 times, but you want it showing none to very few items.

*Make sure to reboot between each use of the program.


Restart and see if you still have download problems. If you still do, I suggest that you check your router (if you have one - reset it or power it down for a minute) or call up your ISP to make sure it's not a problem at their end.
  • 0
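
Post #37 asks for only the detection lines out of the full MWAV.LOG, and post #39 turns the "Offending value found in" paths into a delete.reg. As an added example (not code from the thread or from MicroWorld), this Python script does both for the log line format shown above; the function names are made up here, the sample lines are copied from the log posted in this thread, and treating each offending path as a key to delete follows the reply's delete.reg and is an assumption about the scanner's output.

```python
import re

# Sample lines copied from the MWAV.LOG excerpt posted in this thread.
SAMPLE_LOG = r"""Thu Aug 11 21:12:59 2005 => Scanning File C:\WINDOWS\system32\JAVASUP.VXD
Thu Aug 11 21:13:34 2005 => System found infected with BearShare Spyware/Adware ({905d0df2-3a0a-4d94-853c-54a12a745905})! Action taken: No Action Taken.
Thu Aug 11 21:15:00 2005 => Offending value found in HKLM\Software\microsoft\downloadmanager !!!
Thu Aug 11 21:15:00 2005 => Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.

Thu Aug 11 21:15:21 2005 => Offending value found in HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\date manager !!!
Thu Aug 11 21:15:21 2005 => Object "Gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Thu Aug 11 21:15:28 2005 => Offending value found in HKLM\Software\vendor !!!
Thu Aug 11 21:15:28 2005 => Object "Kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Thu Aug 11 21:17:21 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\roing.ocx". Action Taken: No Action Taken.
"""

# Abbreviated hive names used in the log -> full names a .reg file needs.
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER",
         "HKCR": "HKEY_CLASSES_ROOT"}

# One pattern per kind of finding line; progress lines ("Scanning File ...") match none.
PATTERNS = [
    ("infected", re.compile(r'^System found infected with (?P<name>.+?) '
                            r'\((?P<detail>.+)\)! Action taken: (?P<action>.+?)\.?$')),
    ("offending", re.compile(r'^Offending value found in (?P<key>.+?)\s*!!!$')),
    ("object", re.compile(r'^Object "(?P<name>.+?)" found in File System! '
                          r'Action Taken: (?P<action>.+?)\.?$')),
    ("invalid", re.compile(r'^Entry "(?P<key>.+?)" refers to invalid object '
                           r'"(?P<target>.+?)"\. Action Taken: (?P<action>.+?)\.?$')),
]


def parse_findings(log_text):
    """Return one dict per finding line, in log order; everything else is dropped."""
    findings = []
    for raw in log_text.splitlines():
        _, sep, msg = raw.partition(" => ")
        if not sep:
            continue  # blank line or text without the timestamp separator
        msg = msg.strip()
        for kind, rx in PATTERNS:
            m = rx.match(msg)
            if m:
                findings.append({"kind": kind, "raw": raw, **m.groupdict()})
                break
    return findings


def offending_keys(findings):
    """Pair each offending registry path with the 'Object' line that follows it."""
    pairs = []
    for i, f in enumerate(findings):
        if f["kind"] != "offending":
            continue
        nxt = findings[i + 1] if i + 1 < len(findings) else None
        family = nxt["name"] if nxt and nxt["kind"] == "object" else "unknown"
        pairs.append((f["key"], family))
    return pairs


def expand_hive(path):
    """HKLM\\x -> HKEY_LOCAL_MACHINE\\x; refuse unknown hives and bare hive roots."""
    hive, _, rest = path.partition("\\")
    full = HIVES.get(hive.upper())
    if full is None or not rest:
        raise ValueError(f"refusing to build a delete entry for {path!r}")
    return full + "\\" + rest


def build_delete_reg(pairs):
    """Build REGEDIT4 text with one [-key] deletion per distinct path, for review."""
    lines, seen = ["REGEDIT4", ""], set()
    for key, family in pairs:
        full = expand_hive(key)
        if full.lower() in seen:  # registry paths are case-insensitive
            continue
        seen.add(full.lower())
        lines.append(f"; flagged by scanner as: {family}")
        lines.append(f"[-{full}]")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_findings(SAMPLE_LOG)
    print("\n".join(f["raw"] for f in found))   # the part worth posting
    print(build_delete_reg(offending_keys(found)))
```

Read the generated text before merging it, and check a broad path such as HKLM\Software\vendor in regedit first, since the log reports an offending value under it rather than the whole key.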

#40
niccolai

niccolai

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
The download problem is that the download box stops responding whenever I try downloading something. Notepad doesn't respond whenever I try and save something, and Explorer stops working whenever I try running something.


The only way I can get it to work is if I run/download the program or save the notepad file within the first like 2 minutes of a computer restart.
  • 0



#41
niccolai

niccolai

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
I ran RegSeeker about 10 times and it removed about 1500 items, but five keep coming up and won't let me delete them. I tried deleting them in safe mode with RegSeeker and still no luck. I couldn't save a notepad of the files because Notepad won't respond when I try saving so I took a screenshot, but if I try posting it here, Firefox stops responding.


Nothing is detecting any more malware on my computer but I can't open anything without it failing to respond, I can't save, I can't upload, I can't ctrl alt delete past the first 5 minutes my PC's on.... My PC was in great condition before I clicked that link and I never had problems like this. Now nothing responds or works right and there's no malware on my computer so what the [bleep] is wrong and why is it doing this?



I'll keep trying to post the screenshot.

Attached Thumbnails

  • hk.jpg

Edited by niccolai, 13 August 2005 - 12:06 PM.

  • 0

#42
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
I'm not sure what's causing this. Try checking and fixing these in HijackThis:

O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


That will disable those programs from starting up. Now restart and see if those three problems are still there.

Try this also (again?):
Go to Start->Run and type in sfc /scannow and hit OK. Let it scan. If it finds any files missing/corrupted, it may ask for the Windows CD.
  • 0

#43
niccolai

niccolai

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
It's definitely finding missing files, but I have no disk.
  • 0

#44
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
That's bad news then :tazz:

Where is your Windows disk? You should never lose this CD because it can save you lots of headache when you come across problems like this one here. Do you know what files are missing/corrupted? I don't remember Windows XP's SFC feature mentioning this to the user though.
  • 0

#45
niccolai

niccolai

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
I got the computer from my mother, she never gave me the disk and doesn't know where it is.


Windows doesn't tell me what files are missing.
  • 0





